package org.apache.cxf.rs.security.oauth2.grants;

import java.util.Collections;
import java.util.List;
import java.util.logging.Logger;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MultivaluedMap;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.OAuthError;
import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
import org.apache.cxf.rs.security.oauth2.common.UserSubject;
import org.apache.cxf.rs.security.oauth2.provider.AccessTokenGrantHandler;
import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;

/* loaded from: input_file:org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.class */
public abstract class AbstractGrantHandler implements AccessTokenGrantHandler {
    protected static final Logger LOG = LogUtils.getL7dLogger(AbstractGrantHandler.class);
    private List<String> supportedGrants;
    private OAuthDataProvider dataProvider;
    private boolean partialMatchScopeValidation;
    private boolean canSupportPublicClients;

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractGrantHandler(String str) {
        this.supportedGrants = Collections.singletonList(str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractGrantHandler(List<String> list) {
        if (list.isEmpty()) {
            throw new IllegalArgumentException("The list of grant types can not be empty");
        }
        this.supportedGrants = list;
    }

    public void setDataProvider(OAuthDataProvider oAuthDataProvider) {
        this.dataProvider = oAuthDataProvider;
    }

    public OAuthDataProvider getDataProvider() {
        return this.dataProvider;
    }

    @Override // org.apache.cxf.rs.security.oauth2.provider.AccessTokenGrantHandler
    public List<String> getSupportedGrantTypes() {
        return Collections.unmodifiableList(this.supportedGrants);
    }

    @Deprecated
    protected void checkIfGrantSupported(Client client) {
        checkIfGrantSupported(client, getSingleGrantType());
    }

    private void checkIfGrantSupported(Client client, String str) {
        if (!OAuthUtils.isGrantSupportedForClient(client, this.canSupportPublicClients, str)) {
            throw new OAuthServiceException(OAuthConstants.UNAUTHORIZED_CLIENT);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getSingleGrantType() {
        if (this.supportedGrants.size() <= 1) {
            return this.supportedGrants.get(0);
        }
        LOG.warning("Request grant type must be specified");
        throw new WebApplicationException(500);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ServerAccessToken doCreateAccessToken(Client client, UserSubject userSubject, MultivaluedMap<String, String> multivaluedMap) {
        return doCreateAccessToken(client, userSubject, OAuthUtils.parseScope((String) multivaluedMap.getFirst("scope")), getAudiences(client, (String) multivaluedMap.getFirst(OAuthConstants.CLIENT_AUDIENCE)));
    }

    protected ServerAccessToken doCreateAccessToken(Client client, UserSubject userSubject, List<String> list) {
        return doCreateAccessToken(client, userSubject, getSingleGrantType(), list);
    }

    protected ServerAccessToken doCreateAccessToken(Client client, UserSubject userSubject, List<String> list, List<String> list2) {
        return doCreateAccessToken(client, userSubject, getSingleGrantType(), list, list2);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ServerAccessToken doCreateAccessToken(Client client, UserSubject userSubject, String str, List<String> list) {
        return doCreateAccessToken(client, userSubject, str, list, null);
    }

    protected ServerAccessToken doCreateAccessToken(Client client, UserSubject userSubject, String str, List<String> list, List<String> list2) {
        ServerAccessToken preAuthorizedToken = getPreAuthorizedToken(client, userSubject, str, list, list2);
        if (preAuthorizedToken != null) {
            return preAuthorizedToken;
        }
        AccessTokenRegistration accessTokenRegistration = new AccessTokenRegistration();
        accessTokenRegistration.setClient(client);
        accessTokenRegistration.setGrantType(str);
        accessTokenRegistration.setSubject(userSubject);
        accessTokenRegistration.setRequestedScope(list);
        accessTokenRegistration.setApprovedScope(getApprovedScopes(client, userSubject, list));
        accessTokenRegistration.setAudiences(list2);
        return this.dataProvider.createAccessToken(accessTokenRegistration);
    }

    protected List<String> getApprovedScopes(Client client, UserSubject userSubject, List<String> list) {
        return Collections.emptyList();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ServerAccessToken getPreAuthorizedToken(Client client, UserSubject userSubject, String str, List<String> list, List<String> list2) {
        if (!OAuthUtils.validateScopes(list, client.getRegisteredScopes(), this.partialMatchScopeValidation)) {
            throw new OAuthServiceException(new OAuthError(OAuthConstants.INVALID_SCOPE));
        }
        if (OAuthUtils.validateAudiences(list2, client.getRegisteredAudiences())) {
            return this.dataProvider.getPreauthorizedToken(client, list, userSubject, str);
        }
        throw new OAuthServiceException(new OAuthError(OAuthConstants.INVALID_GRANT));
    }

    public boolean isPartialMatchScopeValidation() {
        return this.partialMatchScopeValidation;
    }

    public void setPartialMatchScopeValidation(boolean z) {
        this.partialMatchScopeValidation = z;
    }

    public void setCanSupportPublicClients(boolean z) {
        this.canSupportPublicClients = z;
    }

    public boolean isCanSupportPublicClients() {
        return this.canSupportPublicClients;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public List<String> getAudiences(Client client, String str) {
        if (client.getRegisteredAudiences().isEmpty() && str == null) {
            return Collections.emptyList();
        }
        if (str == null) {
            return client.getRegisteredAudiences();
        }
        List<String> singletonList = Collections.singletonList(str);
        if (OAuthUtils.validateAudiences(singletonList, client.getRegisteredAudiences())) {
            return singletonList;
        }
        throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
    }
}
